BIND does not sufficiently limit the number of fetches performed when processing referrals

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

N/A

ISC BIND 资源管理错误漏洞

ISC BIND是美国ISC公司的一套实现了DNS协议的开源软件。 ISC BIND中存在安全漏洞。远程攻击者可利用该漏洞造成拒绝服务。以下产品及版本受到影响：BIND 9.0.0版本至 9.11.18版本，9.12.0版本至 9.12.4-P2版本，9.14.0版本至 9.14.11版本，9.16.0版本至 9.16.2版本，9.17.0版本至9.17.1版本，9.13版本，9.15版本，BIND Supported Preview Edition 9.9.3-S1版本至9.11.18-S1版本。

N/A

N/A